Bitcoin and anonymity have been synonymous since Bitcoin appeared in its white paper in 2009. The wall of anonymity can be easily broken according to a newly released paper posted in Coin Desk news today.
The paper titled, Bitcoin Over Tor Isn’t A Good Idea, written by Pustogarov, a doctoral student at CryptoLUX, the University of Luxembourg’s cryptology research group, and Alex Biryukov, an associate professor who leads the group claim that people have a false assumption that using Tor will provide their anonymity. This is not the case according to these two researchers. It can be broken and without much difficulty.
The paper will be submitted for peer-review at a cryptography and information security conference. The access to a user’s IP address can be successfully manipulated. It is known as the ‘man-in-the middle’ attack. MiTM has been in the news recently as the tool used by the Chinese to break into Google. Once the IP address is known, a virtual attacker of Bitcoin can locate and ‘glue’ transactions performed by the user from their IP address of choice.
The two researchers state in their paper that, “A low-resource attacker can gain full control of information flows between all users who chose to use bitcoin over Tor. In particular the attacker can link together user’s transactions regardless of pseudonyms used … and a totally virtual bitcoin reality can be created for such … users.” They explained in their paper that, when a Tor user connects to a bitcoin network it is considered anonymous and safe. An attack can occur through Tor and access the bitcoin system.
Besides loss of anonymity, the victim would lose their correct transaction record. The innocent victim will receive a confirmation of the bitcoin chain transaction but in reality the victim will have the ‘double-spending attack’ which has plagued bitcoin transactions this past year. Mt. Gox owner, Karpeles, made this double-spending attack theory at the time of his collapse in February. However, actual theft of the bitcoin does not occur according to Pustogarov.
Wallets are safe and bitcoins cannot be stolen. The attack is not that great, according to Pustogarov. Privacy would be lost and there would be a delay in receiving the bitcoin funds. This attack would be performed against privacy-seeking merchants that would be popular on the dark web markets. Rival business owners or unhappy customers could mount an attack to disrupt business.
The iCloud attack announced last Monday by GreatFire.org, which monitors online censorship and surveillance in China announced that MiTM had occurred against Apple and its new iPhone 6. The claim was made that the Chinese government was harvesting names and passwords. A spokesperson for the Chinese government has denied the attack into the Apple core.